My next step was how to build the db efficiently. I finally decided (with help from r937) to place all of the submitted data into a single db, but to have the user table for admins and normal users be separate. My thought on this was that the users need to authenticate before they can even touch the data.

From the link above (Secure login), I want to give admins the ability to view any account that's created with the option to build users (normal users will not have creation ability). The users themselves can only access their account.

I'm going to use a foreign key to point the data table (acct_ref - ex: 123) to the user table (acct - ex: 123). In the user table, I'll be adding 'acct' and admins will set what account the user is allowed to get details for.

My question is, how would I make the session differentiate between an admin and a normal user? Would this be more in the session itself, or do I need to add more of an if, then, else statement?